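// Copyright (C) 2017. See AUTHORS.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package openssl

import (
	"math/big"
	"testing"
	"time"
)

// TestCertGenerate creates a certificate for a freshly generated 2048-bit RSA
// key and signs it with that same key using SHA-256.
//
// The test only checks that each step returns no error; it does not verify
// the resulting signature or inspect the encoded certificate.
func TestCertGenerate(t *testing.T) {
	key, err := GenerateRSAKey(2048)
	if err != nil {
		t.Fatal(err)
	}
	info := &CertificateInfo{
		Serial:       big.NewInt(1),
		Issued:       0,
		Expires:      24 * time.Hour,
		Country:      "US",
		Organization: "Test",
		CommonName:   "localhost",
	}
	cert, err := NewCertificate(info, key)
	if err != nil {
		t.Fatal(err)
	}
	if err := cert.Sign(key, EVP_SHA256); err != nil {
		t.Fatal(err)
	}
}

// TestCAGenerate builds a two-level chain: a CA certificate signed with its
// own key, then a leaf certificate for a second key whose issuer is set to
// the CA and which is signed with the CA key.
//
// As with TestCertGenerate, only the error returns are checked; the chain is
// not validated afterwards.
func TestCAGenerate(t *testing.T) {
	cakey, err := GenerateRSAKey(2048)
	if err != nil {
		t.Fatal(err)
	}
	info := &CertificateInfo{
		Serial:       big.NewInt(1),
		Issued:       0,
		Expires:      24 * time.Hour,
		Country:      "US",
		Organization: "Test CA",
		CommonName:   "CA",
	}
	ca, err := NewCertificate(info, cakey)
	if err != nil {
		t.Fatal(err)
	}
	// basicConstraints and keyUsage are marked critical so that a verifier
	// which does not understand them must reject the certificate. The
	// Netscape certificate type is a legacy extension; current validators
	// decide CA status from basicConstraints and keyUsage.
	if err := ca.AddExtensions(map[NID]string{
		NID_basic_constraints:      "critical,CA:TRUE",
		NID_key_usage:              "critical,keyCertSign,cRLSign",
		NID_subject_key_identifier: "hash",
		NID_netscape_cert_type:     "sslCA",
	}); err != nil {
		t.Fatal(err)
	}
	if err := ca.Sign(cakey, EVP_SHA256); err != nil {
		t.Fatal(err)
	}

	key, err := GenerateRSAKey(2048)
	if err != nil {
		t.Fatal(err)
	}
	info = &CertificateInfo{
		// Distinct from the CA certificate's serial above: serial numbers are
		// expected to be unique per issuer (RFC 5280, section 4.1.2.2), and
		// some validators reject a reused issuer/serial pair.
		Serial:       big.NewInt(2),
		Issued:       0,
		Expires:      24 * time.Hour,
		Country:      "US",
		Organization: "Test",
		CommonName:   "localhost",
	}
	cert, err := NewCertificate(info, key)
	if err != nil {
		t.Fatal(err)
	}
	// CA:FALSE keeps the leaf from being accepted as an issuer.
	// NOTE(review): keyUsage here is keyEncipherment only, which covers RSA
	// key transport. A server certificate used with (EC)DHE key exchange or
	// TLS 1.3 signs with its key and normally also needs digitalSignature;
	// treat these values as an API fixture, not a production profile.
	if err := cert.AddExtensions(map[NID]string{
		NID_basic_constraints: "critical,CA:FALSE",
		NID_key_usage:         "keyEncipherment",
		NID_ext_key_usage:     "serverAuth",
	}); err != nil {
		t.Fatal(err)
	}
	if err := cert.SetIssuer(ca); err != nil {
		t.Fatal(err)
	}
	// The leaf is signed with the CA's key, not its own.
	if err := cert.Sign(cakey, EVP_SHA256); err != nil {
		t.Fatal(err)
	}
}

// TestCertGetNameEntry checks subject-name lookups on a new certificate:
// the common name set through CertificateInfo is returned, and an entry that
// was never set (locality) yields an empty string with ok == false.
func TestCertGetNameEntry(t *testing.T) {
	key, err := GenerateRSAKey(2048)
	if err != nil {
		t.Fatal(err)
	}
	info := &CertificateInfo{
		Serial:       big.NewInt(1),
		Issued:       0,
		Expires:      24 * time.Hour,
		Country:      "US",
		Organization: "Test",
		CommonName:   "localhost",
	}
	cert, err := NewCertificate(info, key)
	if err != nil {
		t.Fatal(err)
	}
	name, err := cert.GetSubjectName()
	if err != nil {
		t.Fatal(err)
	}

	entry, ok := name.GetEntry(NID_commonName)
	if !ok {
		t.Fatal("no common name")
	}
	if entry != "localhost" {
		t.Fatalf("expected localhost; got %q", entry)
	}

	// A missing entry must be reported through ok and must not leak a
	// stale or partial value in the returned string.
	entry, ok = name.GetEntry(NID_localityName)
	if ok {
		t.Fatal("did not expect a locality name")
	}
	if entry != "" {
		t.Fatalf("entry should be empty; got %q", entry)
	}
}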